Data from 76 Sherriff's Offices Exposed by Anonymous

By Kevin McCaney

08/08/2011

As part of its AntiSec initiative, the hacker group Anonymous exploited a hole in a third-party provider's site and exposed 10G of data from rural sheriff's offices.

Much of the exposed information appeared to be routine, but the data did include e-mail messages and confidential information from informants, as well as passwords, Social Security numbers and credit card numbers, IDG News Service reported.

The hack was carried out as part of the AntiSec hacking campaign, announced in June as a joint effort of Anonymous and the since disbanded Lulz Security to attack and release information from government Web sites.

The stolen data came from 76 Web sites in 11 states, the Register reported. Most of it came from sheriff's offices in Arkansas, Kansas, Louisiana, Missouri and Mississippi, according to the Associated Press.

The release of the data, on Aug. 6, was apparently in retaliation to recent arrests of alleged members of the two groups. In July, the FBI arrested 16 alleged members of Anonymous in connection with a hack of the PayPal Web site earlier this year.

In recent months, other members of Anonymous and LulzSec have been arrested in Great Britain, Turkey and Spain.

According to a statement from AntiSec posted Aug. 6, hackers exploited a weakness in servers at Brooks-Jeffrey, a Mountain Home, Ark., online marketing firm that hosted the sites.

"It took less than 24 hours to root BJM's server and copy all their data to our private servers," according to the group's statement, IDG reported.

Anonymous and LulzSec have carried out a series of high-profile attacks on government Web sites this year, among them breaches of sites run by the CIA, U.S. Senate, NATO, the Brazilian government, Arizona law enforcement agencies and several large corporations.

In a statement posted Aug. 8 on an Anonymous Twitter account, AntiSec also claims a hack of the Syrian Defense Ministry Web site.

The group posted statements in Arabic and English, the English statement expressing support for Syrians, saying "the world stands with you against the brutal regime of Syrian President] Bashar Al-Assad," the Washington Post reports.

Despite the illegal nature of the hacks -- and the fact that releasing some law enforcement information could endanger police and informants -- Anonymous' wide-ranging strikes could be drawing some sympathy from the IT security community.

B.K. DeLong of ThreatPost, writing from the Black Hat and Defcon conferences in Law Vegas, contends that some corporate and government security pros at the conferences privately expressed a certain amount of support for Anonymous.

The reason, DeLong writes, is that they're frustrated by an organizational emphasis on regulatory compliance, which dominates the focus of top-level executives while real security efforts go underfunded. A few of them might even be willing to quietly tip off hackers to their organization's weaknesses to underscore the point.

And Robert McMillan of IDG News Service even offers three tips on how Anonymous can improve to better get its message across.